Privacy policy

PRIVACY / SECURITY DECLARATION 

SECTION 1 

We are very pleased about your interest in our company. Data protection is of particular importance to the management of HerProtein. In general, the use of the websites of HerProtein is possible without any indication of personal data. However, if a certain person wishes to use our company's special services through our website, personal data processing may be required. If the processing of personal data is necessary and if there is no legal basis for such processing, we generally seek the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject (see Annex A), is always in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to HerProtein. By means of this privacy declaration, our company wishes to inform the public about the nature, extent and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy declaration.

As the controller, HerProtein has implemented numerous technical and organizational measures to ensure the most complete protection possible for processed personal data. Nevertheless, Internet-based data transmissions can generally have security holes, so that absolute protection cannot be guaranteed. For this reason, each data subject is free to submit personal data to us by alternative means, such as by post.

2. PRIVACY POLICY

HerProtein has a commitment to our visitors and customers to keep their information safe.  We at HerProtein keep strict guide lines in doing so, and pride ourselves on the level of security our website employs.  HerProtein collects information about our online users only on a voluntary basis, only when a visitor purchases our products or registers with our site.  This information is kept safe within our system and is never released, sold or made available to 3rd party entities.  HerProtein never discloses information regarding our visitors and/or customers, such as name, address, or telephone numbers.  Rest assured that your information is 100% safe and secure!

HerProtein collects non-personal information from visitors to track the total number of visitors to the site in and to identify the visitors Internet browser type.  This information is used solely to enhance your shopping experience for quicker and easier navigation.

Changes to this privacy policy can happen at anytime, but we will be prompt in updating them on these pages.

  1. Collection of general data and information

The website of HerProtein collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system accesses our website (so-called referrers), (4) the sub-web sites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used to prevent harm in the event of attacks on our information technology systems may be collected.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", which are text files saved to your computer to analyze your website use. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In case IP anonymization is being activated for this website, your IP address will be shortened by Google within Member States of the European Union or other states in agreement with the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by a Google server in the USA. On behalf of the operator of the website, Google will use this information to evaluate your use of the website, compile reports on website activity and to provide further services related to website and internet use to the site operator. The IP address transferred through your browser to Google Analytics will not be combined with other data held by Google. You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

You can prevent the collection by Google Analytics by clicking on the following link.
An opt-out cookie will be set which prevents the future collection of your data when visiting this website.

For more information about Terms of Use and Privacy, please see the Google Analytics Terms or the Google Analytics Overview. Please be aware that this website uses Google Analytics with the extension code "gat._anonymizeIp();" in order to guarantee an anonymous collection of IP addresses (so called IP-Masking).

Use of Facebook components

This website uses components of the provider facebook.com. Facebook is a service of facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
Each time you visit our website, which is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component from facebook .Through this process, facebook is informed about which specific page of our website is currently being visited by you.
If you visit our page and you are logged into facebook, facebook recognizes through the information collected by the component which specific page you are visiting and assigns this information to your personal account on facebook. For example, if you click the "Like" button or if you make comments, this information will be transmitted to your personal account on facebook and stored there. In addition, the information that you have visited our site will be forwarded to facebook. This happens regardless of whether you click the component or not.
If you want to prevent this transmission and storage of data about you and your behavior on our website through facebook, you must log out of facebook before you visit our site. The data protection information provided by facebook provides more detailed information, in particular on the collection and use of data by facebook, about your rights in this regard as well as the setting options for protecting your privacy: https://www.facebook.com/about/privacy/
In addition, external tools are available on the market to block Facebook social plug-ins with add-ons for all major browsers http://webgraph.com/resources/facebookblocker/
An overview of the Facebook plugins can be found at https://developers.facebook.com/docs/plugins/ 

 

When using this general data and information, HerProtein does not draw conclusions about the data subject. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimize the content of our website and advertisements for the website, (3) to ensure the continued functioning of our information technology systems and the technology of our website, and ( 4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. This anonymously collected data and information is therefore evaluated by HerProtein both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure the best possible level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

  1. Routine erasure and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the legislators in laws or regulations which the controller is subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to make use of this confirmation right, they can contact our data protection officer or another employee of the controller at any time.

 

Appendix A

 

Data categories Customer

Consecutive number

Data fields

1

Email address

2

First name

3

Second name

4

Company

5

Street name & house number

6

Apartment number

7

City

8

Postcode

9

Country

10

Region

11

Telephone number

12

Credit card number

13

name on the credit card

14

Expiration date of the credit card

15

CVV code

 

A transmission of the data relevant in the respective individual case takes place on the basis of the legal regulations and / or contractual agreement to the following institutions: 

  • Tax consultants (external);
  • Tax Office
  • Contributing contractual and business partners to fulfill the contract, e.g. shipping/delivery companies, producers;
  • Banks;
  • Payment services 
  • Legal representatives if necessary;
  • Courts if necessary;
  • Administrative authorities if necessary;

SECTION 2 - SHOPIFY

Our store is hosted on Shopify Inc. Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. Shopify stores your data on a secure server behind a firewall.  

Payment
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

SECTION 3 - THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. 

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

We may publish your personal information if we are legally obliged to do so or if you should violate our terms and conditions.

SECTION 4 - SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

 

SECTION 5 - COOKIES

Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.

_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits.

_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

_secure_session_id, unique token, sessional

 

storefront_digest, unique token, indefinite. If the shop has a password, this is used to determine if the current visitor has access.

 

SECTION 6 - AGE OF CONSENT

By using this site you declare that you are at least of age under the legislation of your state or province, where your place of residence is, or that you have the permission of your guardians to use this site. 

 

SECTION 7 - CHANGES TO THIS PRIVACY POLICY 

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

 

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.